This is the fifth monthly report on the progress made towards building an effective and genuine Security Union and covers developments under two main pillars: tackling terrorism, organised and cyber crime and the means that support them; and strengthening our defences and building resilience against those threats.

A prerequisite of building an effective and genuine Security Union is ensuring the timely adoption and full and effective implementation of EU legislation.

The 13 December 2016 Joint Declaration of the Presidents of the Parliament, Council and Commission1 agreed 58 legislative priorities for 2017. Within this are a number of pending proposals which are key to the delivery of the Security Union including: the Terrorism Directive; the Firearms Directive; the EU Entry Exit System (EES); the European Travel Information and Authorisation System (ETIAS); the Directive on Money Laundering and Terrorist Financing; the European Criminal Records Information System (ECRIS) and the Regulation on Privacy and Electronic Communications (ePrivacy) Regulation. Reaching swift agreements on these proposals is vital and this report will look at the current state of play on each.

The focus on implementation also applies to existing legislation, including instruments that are still in the phase of transposition. This report also provides an update on the key files in this category such as Explosive Precursors, Passenger Name Records (PNR), the Prüm Decisions on sharing vehicle, fingerprint and DNA data between Member States and on the transposition of the Network Information Security (NIS) Directive.

In addition to progress on legislative files this report covers implementation of some key Security Union non-legislative files in the area of building EU resilience such as the Commission's work on countering radicalisation through the Radicalisation Awareness Network, on Soft Target Protection, and on Aviation Security in third countries.

The next monthly report in April will focus on organised crime and the priorities for the 2017 EU "Policy Cycle" which provides a strategic framework to reinforce effective cooperation among national law enforcement agencies, EU agencies and EU institutions in this area as well as on operational police and judicial cooperation, including Joint Investigation Teams.

II. IMPLEMENTATION OF LEGISLATIVE PRIORITIES FOR BETTER PROTECTING THE SECURITY OF CITIZENS

Last month, the EU made an important step forward in the fight against terrorism with the adoption by the European Parliament of the Commission's proposal for a Directive on combating terrorism. The Council is now due to adopt the proposal in early March. Once implemented, the new Directive will provide law enforcement agencies and prosecutors with key tools to fight the evolving terrorist threat including the criminalisation of behaviour linked to foreign terrorist fighters, terrorist training and the financing of terrorism. The Directive will also improve the existing rules on exchange of information on terrorist offences and enable the taking down of online terrorist content, helping to keep the EU safer, while respecting fundamental rights. Finally, the Directive will improve the status and rights of victims of terrorism, ensuring that they have access to support services, immediately after an attack and for as long as necessary thereafter. Following political agreement between the co-legislators in November 2016, the European Parliament plenary voted in favour of the proposal on 16 February and the Council will now proceed with formal adoption in early March. Member States have 18 months to transpose the Directive into national law. The Commission will facilitate a swift and correct transposition in the Member States through a series of workshops starting before the summer of 2017. With the Directive, the EU transposes the 2015 Additional Protocol to the Council of Europe convention on terrorism. Many Member States have already taken the necessary steps to update their legislation in line with the Protocol.

Following political agreement between the co-legislators on 20 December 2016 on the revision of the Firearms Directive to tighten controls and prohibitions on the most dangerous weapons, the European Parliament plenary is due to vote on 14 March. The proposal significantly broadens the range of weapons falling under the strictest Category A ban including automatic weapons converted into semi-automatic and military-grade semi- automatic weapons with high capacity magazines and loading devices. Once the Directive is implemented it will no longer be possible to buy or trade these weapons other than for a very narrowly defined group of licence holders such as museums or sports shooters who will be subject to stringent security and monitoring requirements. The proposal significantly strengthens controls on traceability, marking and deactivated weapons. In parallel, the Commission has taken forward work in the technical committee on deactivation standards with Member States' experts. Agreement was reached on 8 February on revised more stringent technical criteria which will now be tested to ensure they deliver effective irreversibility of deactivation before being formally adopted. In parallel the Commission is stepping up action to combat the illicit trade in weapons both with key third countries such as those in the Western Balkans. The fight against illegal firearms should also be a priority in the next "Policy Cycle" on serious and organised crime for the period 2017-2021.

Discussions are on-going in the European Parliament and Council on the Commission proposals to establish an EU Entry/Exit System to improve border management, combat irregular migration and strengthen internal security by recording the movements of third country nationals across the Schengen area external borders, and on a European Travel Information and Authorisation System (ETIAS), which will put in place a system to allow advance checks for security and migration risks on visa-exempt travellers. The European Parliament's Committee on Civil Liberties, Justice and Home Affairs (LIBE) adopted its negotiating mandate on the EU Entry/Exit System on 27 February 2017. The Commission urges both co-legislators to make swift progress in the subsequent negotiations, mindful of the target date of June 2017 as set by the European Council in December 2016.

On ETIAS, Member States' experts are discussing the Commission proposal at Council working group level while the European Parliament's LIBE Committee has appointed its rapporteur for the file.

As regards the Commission proposal to extend the Exchange of Criminal Records Information System (ECRIS) to third country nationals, the Commission is examining technical solutions for a centralised infrastructure to support the exchange of such information. Taking into account the recommendations of the High Level Expert Group on Information Systems and Interoperability to be presented in April 2017, the Commission will present a modified legislative proposal in June 2017.

The Commission's proposal for targeted amendments to the 4th Anti Money Laundering Directive was adopted by the College on 5 July 2016. Having examined the proposal, the Council reached a negotiating mandate on 20 December 2016. The proposal was designed to cover new means of terrorist financing such as virtual currencies and pre-paid cards and to increase transparency to help to combat money laundering. The European Parliament report was adopted on 28 February 2017. The Commission calls on the co-legislators to finalise negotiations as quickly as possible on this important proposal which will help to further reduce the means available to terrorists.

The legislative process has begun in both the European Parliament and the Council on the Commission's proposal for a Regulation on Privacy and Electronic Communications(ePrivacy). The aim is to deliver a level playing field for electronic communications providers, achieving a high level of protection for consumers while allowing businesses to innovate. In the European Parliament, the LIBE Committee will be in the lead with a rapporteur to be designated shortly, and with ITRE, JURI and IMCO Committees being associated. Work has also started at Council working group level. Being a priority file for the three institutions, progress is expected to be achieved swiftly so that the Regulation can apply by 24 May 2018, at the same time as the entry into application of the General Data Protection Regulation.

III. IMPLEMENTATION OF OTHER LEGISLATIVE INITIATIVES

Beyond the pending proposals mentioned in the Joint Declaration, it is important to note that work is on-going in the European Parliament and the Council on the Commission proposal to reinforce the Schengen Information System (SIS) to improve border management and better fight terrorism and cross-border crime. Member States' experts are discussing the proposal at Council working group level. The European Parliament's LIBE Committee is currently in the process of appointing its rapporteur. The proposed measures will deliver key improvements in information sharing and cooperation between Member States, notably through an obligation to create a SIS alert in cases related to terrorist offences, the introduction of a new alert category on "unknown wanted persons", the introduction of systematic checks of EU citizens against the SIS at external borders and the addition of full access rights for Europol. The proposed changes will also contribute to the effective enforcement of entry bans for third-country nationals at the external border by making their introduction in the SIS compulsory. They will improve the enforcement of return decisions issued to irregularly staying third-country nationals by introducing a new alert category for return decisions. The Commission calls on the co-legislators to expedite work on this important file.

On 21 December 2016, the Commission proposed a new Directive to criminalise money laundering which would also provide competent authorities with adequate criminal law provisions to prosecute criminals and terrorists. The proposed measures – once agreed – would establish minimum rules concerning the definition of criminal offences and sanctions related to money laundering; close existing gaps in difference between national rules that criminals can exploit; remove obstacles to cross-border judicial and police cooperation by setting common provisions to improve the investigation of offences related to money laundering; and bring the EU norms in line with the international obligations in this area, as set out in the Council of Europe Warsaw Convention and Financial Action Task Force recommendations. Since then, discussion has begun in the Council at working group level with the aim of reaching a general approach before the summer. Discussions are expected to start shortly in the European Parliament. The Commission welcomes these positive developments and encourages the co-legislators to prioritise this dossier.

In the area of aviation security, existing EU legislation establishing the technical specifications and performance requirements for aviation security screening equipment at EU airports does not establish a legally binding EU-wide conformity assessment scheme to ensure that the required standards are met at all EU airports. As a result, equipment certified in one EU Member State cannot be put on the market in others. The Commission therefore put forward a proposal in September 2016 to establish a single EU certification system based on a common testing methodology and the issuance of certificates of conformity by manufacturers, which would be valid in all EU Member States, according to the principle of mutual recognition. The creation of such a system will help overcome market fragmentation, strengthen the competitiveness of the EU security industry, boost employment in the sector and ultimately contribute to improving aviation security across Europe. The proposal is currently being discussed by co-legislators at working level.

The Commission has continued to work to ensure that EU rules in the area of illicit manufacturing of homemade explosives are adapted to emerging threats.2 In November 2016, the rules on the marketing and use of explosive precursor substances that can be used in the illicit manufacturing ofhomemade explosives were reinforced by adding three substances3 to the list4 of substances subject to strict reporting obligation on any suspicious transactions, disappearances and thefts. In addition, the Commission intends to launch in 2017 an evaluation of the effectiveness of Regulation (EU) No 98/2013 in order to strengthen the existing restrictions and controls.

The Commission has also taken action against those Member States that still have not fully implemented all provisions of Regulation (EU) No 98/2013 on the marketing and use of explosives precursors. Following the first steps of infringement procedures in May and September 2016, the Commission launched the second step on 15 February by addressing reasoned opinions to Cyprus, France and Romania. These Member States have not yet laid down the required rules on penalties applicable to infringements of the restrictions and controls imposed on the dangerous chemicals which could be used by terrorists to manufacture homemade explosives.

The Commission is continuing to support Member States in the swift implementation of the EU Passenger Name Record (PNR) Directive and the setting up of Passenger Information Units (PIUs) in each Member State. In December 2016, the Commission organised a third meeting with Member States' experts to share lessons learned and best practice. The indicative milestones for the setting up of PIUs as set out in the Commission's Implementation Plan of November 2016 are being used to monitor the implementation of the Directive. As compared to the situation outlined in the Implementation Plan, six Member States can now be included in the category of Member States that have both functional or almost functional PNR systems in place and a dedicated legal basis providing for the collection or processing of PNR data. The Commission regularly receives information from all Member States on the advancement of the implementation process. In 2017 EUR 70 million are programmed under the Internal Security Fund for the implementation of the PNR Directive and the Commission is in discussion with Member States on the revision of their national programmes under the Fund to allocate the additional funding.

In the area of information exchange between Member States, the Prüm Decisions5 of 2008 introduced procedures for fast and efficient data exchanges between Member States by laying down rules and providing a framework to allow Member States to search each other's DNA analysis files, fingerprint identification systems and vehicle registration data bases. Prüm was a tool that helped French investigators after the Paris terrorist attacks of November 2015. Considerable progress has been made in the implementation of Prüm in recent months with increasing volumes of data exchange. However, a number of Member States have still to implement the Decisions almost a decade later. The Commission has therefore used the enforcement powers it acquired under the Treaty of Lisbon in the Justice and Home Affairs area6 to launch infringement cases against Croatia, Greece, Ireland, Italy and Portugal for failing to comply with the Prüm Decisions.7

The Fourth Security Union Progress Report8 outlined the different work strands already underway to address cyber threats, and recalled the central role of the Network and Information Security (NIS) Directive that lays the groundwork for improved EU level cooperation and cyber-resilience. The first formal meeting of the NIS Cooperation Group created by the Directive was held in February with Member States, the Commission and the European Union Agency for Network and Information Security (ENISA). The Group addressed key issues of transposition and agreed to take work forward in expert groups on a number of aspects, including the criteria to define the criticality of an operator, the consultation process in cases of cross-border impact of an operator, and the procedure for mandatory sharing of information between affected Member States. To support implementation of the cybercrime acquis, the Commission addressed reasoned opinions to Bulgaria, Belgium and Ireland in December 2016, which have not communicated complete transposition of Directive 2013/40/EU on attacks against information systems in their national legislation. On 16 December, the Commission also adopted two reports9 on the implementation of Directive 2011/93/EU on combating the sexual abuse and sexual exploitation of children and child pornography, with one report focusing specifically on measures Member States are taking against websites containing or disseminating child pornography.

IV. IMPLEMENTATION OF NON-LEGISLATIVE ACTIONS

The Commission plays a key role in driving, facilitating, financing and coordinating work in a number of non-legislative areas central to the fight against terrorism and organised crime such as radicalisation, soft target protection, transport security, cyber security and hybrid threats. Responding to the threats posed by returning foreign terrorist fighters and on-line radicalisation requires a sustained effort to identify, support and monitor those vulnerable to radicalisation while at the same time working to reduce on-line terrorist propaganda and to provide credible counter narratives. The December 2016 Berlin attack once again highlighted the importance of soft target protection.

The Commission and the Radicalisation Awareness Network (RAN) Centre of Excellence are accelerating work to provide both practitioners and policy makers with concrete guidance and recommendations to more effectively prevent and counter existing and emerging challenges of radicalisation. In February 2017, the Commission launched a new network of national prevention policy makers. This new policy network pursues two main objectives: to strengthen and institutionalise the exchange of expertise and experiences on "prevent" approaches and prevention policies among Member States; and to ensure closer involvement of Member States in RAN activities. It will complement the existing RAN, which brings together first line practitioners, with a more policy-oriented network and help ensure that good practices are mainstreamed into new policy initiatives.

The RAN Centre of Excellence has also launched work on a manual on returnee responses to provide practitioners across Europe with the necessary skills, knowledge and confidence to ensure the most appropriate and the most effective intervention. As some of these individuals will be returning with very young children, the Commission has tasked the RAN to produce guidance on how to protect and support children who have been born or raised in terrorist-held territory or who have been raised in a radicalised environment within the EU.

In addition, the RAN will develop in 2017 a manual presenting specific guidelines to prevent polarisation and tackle radicalisation. The RAN Centre of Excellence will produce two toolkits, on radicalisation awareness training for front line practitioners on local strategies and approaches to help those fighting radicalisation at grass roots level.

As regards online radicalisation, actions agreed with internet companies at the December 2016 meeting of the EU Internet Forum are currently in the phase of implementation. The 'database of hashes', a platform to flag terrorist online content in order to ensure its irreversible removal, developed by the internet industry in close cooperation with the Commission, is expected to be launched this month. The Commission on 15 March 2017 will also launch its Civil Society Empowerment Programme, with a financial endowment of EUR 15 million to strengthen effective counter-messages online.

Prevention of radicalisation also means addressing its root causes, including stigmatisation of communities, intolerance and racism. The Commission is promoting education, inter-cultural dialogue, inclusion and non-discrimination action through EU funding. In January 2017, the Commission received project applications under the Rights, Equality and Citizenship Programme10 aiming, inter alia, at preventing and combating Antisemitism and anti-Muslim hatred and intolerance, and at fostering better understanding between different communities, including through interreligious and intercultural activities. Action is also being taken to develop tools and practices to prevent and counter online racist and xenophobic hate speech.

As announced in the Fourth Security Union Progress Report, the Commission convened in February the first workshop on Soft Target Protection bringing together Member States experts across various disciplines (counter-terrorism, law enforcement, transport security and research) to discuss ways to improve the protection of soft targets (transport, sport events, shopping malls, schools, etc.). The workshop is the first step in the development of an EU platform for Member States to exchange experience to increase their resilience and protection against future soft target attacks. The following areas were identified for further exchanges: integration of risk assessment methodologies into the planning of public events or the protection of crowded areas; tackling the challenge posed by insider threats through re-examination of vetting procedures; strengthening early detection of weapons and explosives through the testing and use of innovative detection equipment and by exploring possible common standards for purposes other than aviation; raisingpublic awareness and responses to attack situations and closer engagement between governments and private stakeholders. A further priority area identified was joint work on "protection by urban planning" for the construction of new buildings and public areas.

In the field of hybrid threats, the Commission and the High Representative, will report to the Council in July 2017 on the implementation of the 22 actions in the 2016 Joint Framework on countering hybrid threats, which covers notably the protection of critical infrastructure (e.g. in the field of energy and transport infrastructure and systems). The Joint Framework is designed to foster the resilience of the EU and Member States as well as partners and to enhance cooperation with NATO11 in countering such threats.

In the area of transport security, the EU has developed a robust aviation security framework. However, flights coming into the EU from third countries canpresent vulnerabilities. There is a need to close this potential security loophole through international cooperation via the International Civil Aviation Organisation (ICAO) as well as bilateral capacity building efforts in line with the UN Security Council Resolution 2309.12 In January 2017, the Commission, together with the Member States and the European External Action Service launched work to develop a matrix combining risk assessment and detailed elements of vulnerability to provide the basis for prioritisation and coordination of external capacity-building efforts. In parallel, the Commission is accelerating its work on defining a common approach to security in maritime and land transport, which should be risk-based, proportionate and sustainable.

Following the outcome of the discussion at the 8-9 December 2016 Justice and Home Affairs Council meeting, Member States called for a reflection process on how to deal with encryption in the context of criminal investigations. The Commission has launched two parallel workstreams: legal and technical to collect information and explore options on how to address the need to overcome encryption barriers where needed for the purpose of serious crime investigations while maintaining trust and security in the digital world.

Concerning the external dimension of counter-terrorism, the implementation of the February 2015 Council Conclusions is on track with an increase of 60% in counter-terrorism-related projects with third countries totalling EUR 225 million focusing on building capacity of partners. Discussions were held with Tunisia at the second high level political dialogue on security and counter-terrorism on 19 January 2017. They addressed an action plan on arms trafficking, joint work on terrorist financing, strengthening border management capacity and further cooperation in the prevention of radicalisation, with a view to agreeing a 2017 EU-Tunisia joint Counter-Terrorism Work Plan. Since the beginning of the year, the EU has also held dedicated discussions on counter-terrorism with a number of third countries including Saudi Arabia, Russia and Australia, and hosted a delegation from the League of Arab States.

V. CONCLUSION

Building an effective and sustainable Security Union requires close cooperation between the Commission, the European Parliament and Member States to deliver both the legislative and non-legislative components that together strengthen security for our citizens. The Joint Declaration legislative priorities with Security Union relevance are key building blocks, and teamwork will be required to ensure their rapid and full delivery. Swift and effective implementation must follow in order for these actions to be effective. The Commission will continue to play its part fully in ensuring that this happens.

(2)See also: Report from the Commission to the European Parliament and the Council on the application of, and delegation of power under Regulation (EU) 98/2013 of the European Parliament and of the Council on the marketing and use of explosives precursors, 28.2.2017.

(6)As of 1 December 2014 being end of a five year transitional period foreseen in Protocol 36 of the Treaty of Lisbon.

(7)These Member States have not yet ensured automated data exchanges in at least two of the three data categories of DNA, fingerprints and national vehicle registration data. All five Member States have responded to the letters of formal notice. The responses are currently being assessed by the Commission services.

(10)In January 2017 the deadline expired for applications for the Rights, Equality and Citizenship Programme's call for proposals of EUR 4.475.000.

(11)In line with the Joint declaration by the President of the European Council, the President of the European Commission, and the Secretary General of the North Atlantic Treaty Organization, 8 July 2016.